Device and method for personalizing chip cards

ABSTRACT

Procedures for the performance of electronic chip-card personalization and/or initialization and/or a chip-card application, characterized by the following procedural steps: contacting the chip card by a first device; setting up or providing a connection between the first device and a separate second device designed to establish a logical communication link to provide for communication between the chip card and the second device via the first device; requesting the performance of chip-card personalization and/or initialization and/or a chip-card application, with the request directed to the first device by the second device; and performing the requested chip-card personalization and/or initialization and/or the requested chip-card application by way of a transparent transfer of data and/or commands back and forth between chip card and second device via the logical communication link.

The present invention concerns a device and a procedure for thepersonalization of chip cards.

Chip cards are used in many systems with high security requirements inorder to provide internal keys to system clients locally without thesekeys being accessible when the system is circumvented. Chip cards areused as security or authorization ID and provide the means for secureauthentication and encoding of data streams via the keys and algorithmsstored on them. Data stored in chip cards during initialization andpersonalization may be accessed only by authorized systems followingproper authentication, a procedure checking authorization.

Examples of areas of application for systems featuring chip cardsinclude mobile communication systems, bank systems using bankcards andpay-per-view TV systems.

During the initialization and personalization of chip cards, the datarequired for subsequent use are programmed into the chip of the chipcard. These chip-card life-cycle processing steps, which in a way arestill part of the production stage, in this context represent processessubject to the highest security requirements. For instance, duringinitialization and personalization, keys are included in the card thatare required for subsequent card use but may also, if reconnoitered,jeopardize the security of the entire application system of the chipcards.

During initialization, for example, a chip card is “programmed.” Thismeans that data are introduced to the chip card, enabling the latter toperform the function assigned to it. In the case of personalization, atleast a part of the data put on the chip card is unique, meaning it isdifferent for each individual chip card, thereby individualizing and“personalizing” the chip card. The data transferred as part of suchprocesses commonly also include data relevant to security, such as keys;however, the sequence of commands, too, as well as their structure andcontents as regards the execution of personalization or initializationalready represent information critical to security, which should beaccessible to as few people as possible.

In conventional systems in the area of chip-card personalization, thecomponent in control of process logic—i.e., of the command sequence ofchip-card personalization—is an integral part of the system, which alsoexecutes card handling and card contacting. Card handling in thiscontext means making the chip card accessible for commands and exteriordata or, in other words, the execution of basic requirements in terms ofelementary physical hardware and software functions, such as contactingthe card and supplying the card with the necessary operating voltage,but also causing the card to be reset in order to enable it tocommunicate with the outside world.

This means that the logic, on which chip-card personalization is based,as well as the appertaining algorithms and keys are anchored in thissystem and thus must be disclosed to the system supplier and stored inthe system. As a result, the manufacturers of personalization systemsmust be given security-related information about the logic of chip-cardpersonalization, about parts of the chip-card command interface as wellas about algorithms and keys. The distribution of information with sucha high degree of security represents an increased security risk.Knowledge of the chip cards' logic facilitates trespasses into thechip's security mechanisms on the card. Security lapses that wereintroduced to the systems by the manufacturer intentionally orunintentionally might result in chip cards being compromised and keysbeing reconnoitered and thus jeopardize the chip card's applicationsystem.

Therefore, it is the purpose of the present invention to create a deviceand a procedure for the personalization of chip cards that featureincreased security.

Another purpose of the present invention is to separate security logic(e.g., command sequence of personalization, authentication, etc.) andcard handling. However, the communication path and the application'srequirement should be predetermined by the system contacting the chipcards.

A significant aspect of the present invention is that personalization,initialization or critical chip-card applications are to be performed bya separate security system, in which electronic administrativeprocessing steps (personalization, initialization) and criticalapplications of chip cards (authentication) are separated within thechip-card life span between the system and card handling or chipcontacting.

The process logic of electronic chip-card personalization andinitialization, the chip-card command interface, which is the softwareinterface representing the command set available to the chip card, aswell as algorithms and the keys needed for personalization areimplemented in a central security system that can execute these taskswhen prompted by a so-called chip-card control system in charge of cardhandling and contacting.

The system for card handling and contacting sees to it that a so-calledlogical communication link is set up between the card's chip and thesecurity system for electronic personalization and initialization.

In this context, a communication link is a connection between twopartners engaging in communication. This connection may be used toexchange data and does not necessarily provide a direct link between thetwo partners but can be routed via one or several intermediate stops, tothe effect that, in the place of an actual direct link, an indirect or“logical connection” exists between the partners. In such a case, thecommunication points are not connected to one another directly but alonga data path setting up a link or connection between the twocommunication end points and providing a data path or “logicalcommunication link,” which is used to provide the means for a properexchange of data between the communication end points—regardless of theactual hardware connection path between the two communication endpoints, be it directly or indirectly. The logical communication link tobe used is communicated to the central security system as part of arequest for the performance of chip-card personalization or anotherchip-card application.

The central system for the performance of chip-card personalization,initialization, configuration or the execution of a chip-cardapplication in a favorable embodiment example provides the means forcontacting various card-handling systems or so-called chip-card controlsystems. The system contains a request of a chip-card control system forthe performance of chip-card personalization, initialization or anapplication and, subsequently, performs the requested process logic(e.g., personalizing a chip card)—i.e., the corresponding sequence ofcommands and data—via a logical communication link, which represents adata path between the central system and the chip card.

The request directed to the central system for chip-cardpersonalization, initialization, configuration or for the execution of achip-card application carries the information required for the executionof the requested application or the process logic corresponding toit—i.e., the corresponding command sequence. Such information couldpertain to the communication protocol to be applied. If, for the sake ofclarity, mention is made below of only one requested application, itshould be assumed that the requested application, in addition to otherchip-card applications, may well be chip-card personalization orinitialization.

The communication of the commands and messages to and from the chip cardoccurs in a transparent fashion—i.e., the relayed data is transferredunchanged between the communication partners involved or, in otherwords, the data dispatched from one end point of communication (chipcard or central system) to another (central system or chip card) reachtheir destination having undergone no change of any kind. Suchtransparent communication links are provided or set up by the system andenable the control system to proceed with card handling and cardcontacting. The communication path, which is the entry point of thelogical communication link in the chip-card control system that is toserve as the communication medium, and the communication protocol arecommunicated to the central security system when an application isrequested.

Below, the present invention is detailed using several embodimentexamples in reference to the attached illustrations, of which:

FIG. 1 shows a diagram of the overall concept according to a firstembodiment example of the present invention;

FIG. 2 shows a diagram of the procedural steps according to the firstembodiment example of the present invention;

FIG. 3 shows a diagram of the elements of the overall concept accordingto a second embodiment example of the present invention.

Below, the elements of a first embodiment example of the invention areexplained in reference to FIG. 1.

A chip-card administration system (CAS) 100 according to FIG. 1 is asystem for the personalization, initialization and/or the execution ofcritical applications using chip cards (e.g., authentication). It isconnected to a chip-card control system (CKS) 120 via a communicationlink 110—i.e., via a connection along which data may be exchanged. Partof the control system 120, a chip-card coupler 130 is responsible forphysically contacting a chip card 140.

A chip-card coupler 130 is regarded as an integral part of the chip-cardcontrol system here. It conducts the communication with the chip card ona physical level and prompts the chip card to be reset using acorresponding electronic signal. Usually, the chip-card coupler providesto the chip-card control system CKS a command interface, meaning acertain set of commands, which it then converts into the correspondingelectronic signal sequence understood by the chip card. The chip-cardcontrol system communicates with the chip card on the basis of thiscommand interface.

A communication link 150 realized as a result thereof creates a linkbetween the chip card 140 and the chip-card control system CKS 120. Thecommunication link 150 and the communication link 110 together form alogical communication link that provides the means for the exchange ofdata between the chip card 140 and the chip-card administration system100.

In this context, the data exchange that occurs between the CKS and theCAS via the communication link 110 is subject to a certain protocol. Forinstance, the data transferred from the CAS to the CKS are “packed” orformatted in accordance with this protocol, and the data received by theCKS are “unpacked,” meaning the corresponding use data, such as commandsfor the chip cards, are identified in the incoming data stream and thenforwarded to the chip card 140 via the communication link 150.

With the aid of a communication link 160, which has a controllingfunction, commands and messages may be exchanged between the controlsystem 120 and the chip-card administration system 100, thereby enablingthe chip-card administration system to significantly influence thecontrol system.

This does not mean that the two communication links 160 cannot berealized via what is the same connection in terms of hardware. Forinstance, this may occur if the communication protocol or the controldata or the header of the relayed data provide for an identification ofa destination and thus identify and define the communication link withregard to its starting point and final destination. To take this examplefurther, the CKS would then be in a position to identify with respect totheir final destination (e.g., chip card or the CKS itself) and forwardaccordingly or process independently the data received by way of theonly hardware connection.

The chip-card administration system carries out its tasks when promptedby the chip-card control system CKS. For this purpose, the chip-cardcontrol system provides the chip-card administration system CAS with thetwo communication links 110 and 160 or the CKS communication end pointsfor the development of the communication links that enable communicationboth with the chip card 140 using the other communication link 150 andthe control system 120.

The chip-card administration system CAS features all the keys andalgorithms required to perform the obligatory application logic forinitialization, personalization or applications relevant to security,such as authentication using a card. The chip-card administration systemCAS cannot perform its tasks until the chip-card control system 120 hascontacted the card's chip and set up a communication link with the chip.

The chip-card control system is a system that establishes contact withthe card's chip and thus enables communication with the chip. This isdone by first establishing a physical contact to the card's chip. Then,in accordance with ISO 7816, the chip card is reset, which means thatthe chip card is prompted by the dispatch of a certain signal, theso-called reset signal, to answer using the response “Answer to ResetATR.” This response contains data that, for example, identify the chipcard with regard to the communication protocol to be used, the rhythmfrequency, etc. The chip-card control system CKS then provides the firstcommunication link 110 or the corresponding CKS communication end pointto the chip-card administration system CAS 100 and thus sets up jointlywith the CAS the logical communication link between chip card andchip-card administration system along the communication links 110 and150. A second communication link 160 between chip-card control systemCKS and chip-card administration system CAS is provided by the chip-cardcontrol system for purposes of coordinating and controlling bothsystems.

The logical communication link between chip card and chip-cardadministration system CAS, consisting of the two communication links 110and 150, is a transparent communication link—i.e., communication betweenCAS and chip card is conducted in a transparent fashion. In thiscontext, transparent communication means that the commands and datadispatched by the CAS in any given case, which are designated directlyfor the chip card, are transferred to the chip card unchanged. By thesame token, messages that originated with the chip card and aredesignated for the CAS are transferred unchanged to the CAS via thetransparent logical communication link. Accordingly, if the informationunits exchanged are so-called data telegrams comprising a controlelement and a data element, the parts of these data telegrams designateddirectly for a communication destination, which would be either chipcard or CAS, are transferred unchanged to the correspondingcommunication destination. The chip-card control system thus provides atransparent logical communication link as a connection between chip cardand chip-card administration system.

In accordance with the first embodiment example of the invention, thesystem, for the purpose of handling chip cards or contacting chips,establishes contact with the chip-card administration system CAS as aseparate security system and requests the execution of one of theseapplications for a chip card via the communication link 160. Thechip-card control system CKS does the same for the purpose of executingelectronic personalization or initializing chip cards or executing achip-card application. In this context, applications would be electronicadministrative processing steps involving chip cards (personalization,initialization) or critical applications using chip cards (e.g.,authentication) within the life cycle of a chip card. In case of apersonalization, for instance, special keys for each chip card and/oralgorithms or other data are applied to the chip card, which thusindividualize the chip card and assign a corresponding function, therebyidentifying and personalizing it as the special chip card of itsrespective user.

After the application is requested by the chip-card control system CKS,the chip-card administration system CAS performs a process logic for therequested application, the process logic consisting of a sequence ofcommands and data to the chip card as well as the appertaining responsesthat, taken as a whole, represent the requested application. In thecourse of the application, the commands and data are sent transparentlyto the chip card via the specified transparent logical communicationlink, while resulting communications or responses, in turn, are receivedby the chip card from the chip-card administration system CAS via thesame logical communication link. This logical communication link thusestablishes a transparent connection between chip card and chip-cardadministration system CAS. The chip-card control system CKS sets up thislink and guarantees the transparent transfer of data telegrams to andfrom the chip card.

The request for the application sent by the chip-card control system CKSto the chip-card administration system includes information on thecommunication link to be used. The information transferred via therequest contain, among other data, the communication address—i.e., theidentification of the communication link's intended entry point into theCKS as well as the communication protocol, which must be used for theprovided communication link, and information on the application to beexecuted. If a chip-card application starts by resetting the chip cardaccording to ISO 7816, this chip-card reset is performed prior to theapplication requested by the chip-card control system. The results ofthe reset (Answer to Reset) are likewise transferred to the chip-cardadministration system as part of the application request.

Even during the execution of the process logic of the requestedapplication, the chip-card control system may, under certaincircumstances, be prompted by the chip-card administration system toreset the card—e.g., if this is part of the intended process logic.However, this may also happen if an error occurred during theapplication's execution. The CAS then requests the reset, and theresulting reset information is communicated to the chip-cardadministration system once resetting has been completed. After that, theprocess logic required for the execution of the application may again beperformed using transparent communication, or resumed at the appropriateplace in case resetting is part of the process logic.

Upon the conclusion of the process logic, the chip-card administrationsystem communicates to the chip-card control system the end of theapplication along with the result or a result message with regard to theapplication. This result may consist of a message indicating that theapplication has been completed successfully. However, the result messagecould conceivably assume other forms and convey different information.For instance, the result message may contain further information withregard to the application executed. In case the application has beenexecuted successfully, the transparent logical communication link set upfor the application's execution may be dismantled again, and the chipcard may be de-contacted. If the application was not completedsuccessfully, however, options include making another attempt.

The individual steps that are performed in accordance with the firstembodiment example of the invention are summarized below:

1) Chip card is reset, triggered by the chip-card control system CKS orthe chip-card coupler following chip contacting.

2) Logical communication link is set up by the chip-card control systemfor transparent communication between chip card and chip-cardadministration system.

3) Request for an application, sent to the chip-card administrationsystem, featuring information on the communication link to be used, onthe chip reset from Step 1 (“answer to reset” information) and on theapplication to be executed.

4) Transparent communication between chip-card administration system andchip card for the direct transfer of card commands and responses duringthe performance of the application's process logic. In this context,transparent communication is ensured by means of the chip-card controlsystem.

5) If required (e.g., in the case of personalization), the chip-cardadministration system requests a chip reset and reset information fromthe chip-card control system.

6) Results regarding the application are communicated to the chip-cardcontrol system by the chip-card administration system.

7) If applicable, the logical communication link is dismantled by thechip-card control system.

The process of chip-card personalization is represented schematically inFIG. 2 in accordance with the first embodiment example of the invention.The left side represents the CAS, where the personalization isperformed. Using the center part, the CKS, commands and responses aretransferred transparently to the chip card via the coupler CC.

The specified concept is based on the following basic principles:

Transparent logical communication link:

The chip-card control system provides the means for transparentcommunication between chip card and chip-card administration system byproviding a transparent logical communication link.

Requesting the application:

A request for the execution of an application is sent by the chip-cardcontrol system to the chip-card administration system CAS. The requestcontains information on the intended application and the transparentlogical communication link to be used for this purpose, as well as thecommunication protocol. Consequently, the request carries the followinginformation:

Information regarding the communication (address of the communicationlink provided, of the protocol to be used)

Identification of the requested application

Information regarding the chip card contacted, from “answer to reset”

If applicable, password for the identification of the chip card'sapplication request within the chip-card control system, so theapplication requests can be re-identified,

Communicating the application result:

The chip-card administration system communicates a result regarding theexecution of an application back to the chip-card control system, withsuch dispatch including the following information:

Result regarding the application, the so-called result message

If applicable, an identification of the chip card's application requestswithin the chip-card control system

The process of personalization is performed in accordance with theconcept detailed above by two separate systems, the chip-card controlsystem CKS and the chip-card administration system CAS. In this context,the chip-card control system assumes the part of handling and contactingthe chip card and conducts the communication on a physical level usingthe chip-card coupler. No information on process logic, chip-cardcommand interface, keys and algorithms of electronic administrativechip-card processing and chip-card application has to be stored in thechip-card control system. The chip-card control system sees to it thatan electronic link is established to the chip on the card and serves asrouter, or intermediate stop, for the transparent communication with thechip card. As the prompting or requesting system, the chip-card controlsystem determines the type of application to be executed by thechip-card administration system.

By contrast, the execution of the application takes place in thechip-card administration system. Process logic, algorithms for theapplication using the chip card and corresponding keys may be stored andsecured well here in a separate system. Therefore, specific informationon the process logic in the chip card, the chip-card command interfaceand the algorithms are required only for the development of a chip-cardadministration system.

The communication between chip-card control system and chip-cardadministration system may be conducted via a standard network. Using therequest mechanism, the protocol and the logical communication link to beused for the application may be defined in the request.

With the aid of a central chip-card administration system, severalapplications including personalization, initialization and chip-cardauthentication may be executed at the same time. For this to bepossible, the required algorithms and data relevant to security needonly be implemented and administrated in a central security system.

Using the mechanism of the application request directed to the chip-cardadministration system, the various applications may be requested fromvarious partner systems or chip-card control systems. Whichcommunication mechanisms should be used therein is communicated to thechip-card administration system along with the application request.

For instance, a Point-of-Sale (POS) card reader that can be reached viaa WAN connection may request the reconfiguration of a chip card while,simultaneously, a personalization system with high production throughputrequests a personalization sequence from the chip-card administrationsystem using a LAN connection.

An embodiment example of a “point-of-sale (POS)” personalization using,for instance, a terminal accessible to the client, is given below.

After a client chip card was contacted in a chip-card control system, apersonalization request is sent to a central chip-card administrationsystem via a WAN network. For chip-card personalization, the chip-cardadministration system employs the communication link indicated in theapplication request. Authentication of the chip card using the chip-cardadministration system is achieved through mutual authentication. As anadditional security mechanism for the action via the WAN/LAN network,additional encoding during communication may be superimposed.Information regarding the encoding method and indications as to the keysto be used may be communicated by the chip-card control system to thechip-card administration system as part of the personalization request.

A typical application could be the reconfiguration of the chip card inaccordance with certain client-defined requirements at the Point of Salea terminal, for instance.

A second embodiment example of the present invention in reference toFIG. 3 is given below.

In this embodiment example, several chip cards 340 and 342 aretransported by a transport unit 322 that represents a part of thechip-card control system 320, and contacted by a chip-card coupler unit324 that hip-card control system 320. The coupler unit comprises severalindividual couplers CC1 and CC4, each of which can contact one chipcard.

A chip-card administration system (CAS) 300 in the example given here isa personalization system again, which executes the personalizationprocess of the chip cards. After the chip cards have been contacted, itis called up by the chip-card control system and the chip-cardadministration system CAS generates the personalization commands,forwards them and receives and processes the responses received from thechip card. The CAS again is not a part of the chip-card control systembut a separate device that communicates with the chip-card controlsystem. The chip-card control system is not responsible for generatingor encoding chip-card personalization commands.

Instead of personalization, however, another application may be executedby the CAS analogously—e.g., the programming or encoding of chip cards.In such case, too, the corresponding commands are generated by the CASand forwarded transparently to the chip card.

For the most part, the chip-card control system serves the purpose offorwarding messages, so that the personalization messages may be sentback and forth between the chip card and the chip-card administrationsystem. The responses of the chip card have been packed in accordancewith the defined communication protocol and are forwarded the CAS viathe corresponding communication link. As control unit, the chip-cardcontrol system is also in charge of transport and the mechanism tocontact the chip cards. A control unit 326 is provided for this purposein the CKS.

In this context, the control unit 326 may control the transport unit insuch a way that new chip cards that are to be personalized are fed via atransport unit to, and contacted by, one of the chip-card couplers CCIthrough CC4. Following successful personalization, the chip cards arethen transported further and, if personalization was not successful,sorted out. Following this procedure, chip cards may be personalized ingreat numbers.

By means of a corresponding request, the CKS prompts for processing ofpersonalization after the chip card was physically contacted. Via thecoupler communication links 330 and 332 depicted in the diagram, whichrepresent the connections between the control unit and the chip-cardcouplers, the CKS, or the control unit 326 of the CKS, moreover effectsthe reset to be triggered by the couplers CC1 And CC3. It then receivesthe “Answer to Rest” information given out by the chip card andtransfers these to the chip-card administration system along with apersonalization request.

The communication links' mode of operations in reference to FIG. 3 isexplained in greater detail below. In the present embodiment example,several chip-card couplers CC1 through CC4 are integrated into the CKS.For each of these chip-card couplers CC1 through CC4, the CKS provides acommunication link or a corresponding CKS communication end point 370through 376, which provides the means for a data transfer between theCAS and the chip card. FIG. 3 depicts the two communication links 310and 312. All personalization commands are forwarded using these links tothe corresponding chip-card couplers and then on to the chip card, whilethe chip-card responses to the commands are sent to the CAS.

For instance, a connection is established using the communication link310 between the CAS and the CKS communication end point 370; the linkcontinues from there to the coupler CC1, to the chip card 340 and thusforms a logical communication link between CAS and the chip card 340. Asfar as the chip card 342 is concerned, the connection runs analogouslyvia the communication link 312.

In the case of the present embodiment example, communication between theCKS and the CAS employs a TCP/IP socket connection. A socket is acommunication end point. The CKS supplies server sockets 370 through380, and the CAS—as client—establishes the connection to these serversockets using the client sockets 390. The sockets provided by the CKSmay logically be divided into two groups. Each of the groups is used tosend different types of messages back and forth between the CKS and theCAS. The two groups are the control socket 380 and the personalizationsockets 370 through 376.

The interfaces between the chip-card control system CKS and the externalchip-card administration system CAS thus are sockets in a TCP/IPconnection. The logical communication links employ such a connectionbetween the chip cards and the chip-card administration system.

Aside from the personalization sockets, therefore, another communicationlink 360 is set up by the CKS for personalization-controlmessages—namely, by employing the control sockets. Using thesepersonalization-control messages, the personalization process istriggered by a personalization-request message, and performance isconfirmed by means of a result message.

After the chip card was physically contacted, the CKS prompts the cardto be reset. The CKS starts the chip-card programming process by sendingthe personalization-request message to the CAS via the control socket.Based on this message, the CAS is informed of the communication link orthe chip-card personalization socket intended for the personalizationcommands and personalization messages; moreover, of the communicationprotocol and other information pertaining to the chip card (e.g., resetinformation) and the request being processed. The CAS, in turn, sendsthe personalization commands to the corresponding chip-cardpersonalization socket in adherence to the applicable communicationprotocol. In accordance with the prescribed communication protocol, theCKS then unpacks the personalization commands and sends them to thechip-card coupler. In this context, a part of the personalizationcommands may be control information for instance, which displays atimeout in effect during the execution of the personalization commandfor the chip card. The personalization commands themselves aretransferred, transparently and without modification, to the chip card.Excepted are only those commands from CKS requesting a reset of thechip. The responses of the chip card, in turn, are transferredtransparently to the CAS via the CKS using the same personalizationsocket and the same communication protocol.

Different types of messages are exchanged using different socket groups.Personalization messages representing personalization commands from theCAS as well as the chip-card responses to these commands are exchangedor transferred via the chip-card personalization socket. Duringprocessing, control messages that may serve to request the chip-cardpersonalization process, to report the completion of the personalizationprocess or to exchange status messages are transferred using the controlsocket. With the exception of the reset requests concerning a chip card,which are transferred by the CAS to the CKS, the personalizationmessages are transferred transparently between the chip card and the CASvia the CKS. During the personalization process, the CAS may also sendchip-card reset requests to CKS via the personalization socket. Thecontrol socket, on the other hand, is used to transfer control messagesto and from the chip-card administration system. There is precisely onecontrol socket for a chip-card control system. The control messagestransferred via this socket include:

Requests for the execution of a personalization

Personalization-result messages.

The personalization sockets are used to transfer personalizationmessages between the CAS and the CKS during the personalization processof the chip. A chip-card coupler is assigned to one of thesepersonalization sockets based on logic. The chip-card control systeminternally sets up a communication link between the personalizationsocket and the corresponding chip-card coupler. The programming commands(except for reset requests) and responses of the chip card aretransferred transparently between chip card and chip-card administrationsystem via the logical communication link thus established. Thechip-card control system needs only to unpack or forward them inaccordance with the communication protocol, the recipient being thechip-card coupler assigned to the socket from which the message wasreceived. In the opposite direction, the chip-card control system has to“pack,” or format, the response in accordance with theapplication-protocol format and send it to the chip-card administrationsystem using the assigned personalization socket.

If there is no reset command for the chip card, the reset must betriggered by means of the corresponding electronic signal at thechip-card contacts. This signal is generated by the chip-card coupler.If, during the personalization process, the chip card needs to be reset,a reset command is dispatched to the CKS via the personalization socket.The CKS must interpret this command and convert it into a correspondingreset command for the chip-card coupler. The chip-card response to thereset (ATR, answer to reset), in turn, is transferred transparently tothe CAS.

Upon the completion of the chip card's personalization, the CASgenerates a personalization-result message and sends it off. Thismessage comprises the programming result and, possibly, some moreinformation, such as information that is important for further chip-cardprocessing. If an error occurs during the personalization process, thechip card is sorted out as defective by the CKS.

In the present embodiment example, too, the chip-card control systemserves as router that receives from the chip-card administration systemthe data ultimately designated for the chip card and forwards them in atransparent way—i.e., unchanged—to the chip card for which the data isdesignated. In this embodiment example, however, it is possible toprocess or personalize several chip cards at the same time.

Using another embodiment example, it is conceivable that severalchip-card control systems—if applicable, via various data lines—areconnected to the chip-card administration system, that each of thesechip-card control systems can process one or several chip cards and thatthe applications requested by the different chip-card control systemsdiffer from one another. With the aid of a user interface that would bepart of the chip-card control system or by assigning production requeststo various request types, the CKS may chose from several possibleapplications, such as personalization, initialization or the executionof another chip-card application like authentication.

An expert may easily conceive of additional modifications of the presentinvention. For instance, aside from authentication, the chip-cardapplications mentioned above might include those that provide the meansfor an interactive exchange of information between chip-card controlsystem and the cardholder.

To give another example, the chip card could be contacted using wirelesstechnology. Instead of a mechanical contact, contacting relies onhigh-frequency electromagnetic waves. In this case, neither the transferof data nor the supply of voltage requires a wire. The supply voltage ofthe chip card could be generated by means of self-inductance on the chipcard and triggered by a high-frequency signal. Communication after thatwould rely on known high-frequency technologies.

What is claimed is:
 1. A process for executing an electronicpersonalization and/or initialization of a chip card and/or a chip cardapplication, characterized by the following process steps: contacting ofthe chip card by a first device; setting up or making available aconnection between the first device and a separate second device to forma logical communications channel to permit communication between chipcard and the second device via the first device; request for executionof personalization and/or initialization of the chip card and/orexecution of a chip card application by the second device from the firstdevice; and execution of the required personalization and/orinitialization of the chip card and/or the requested chip cardapplication using transparent transmission of data and commands betweenchip card and second device via the logic communications channel,whereby commands and data sent by the second device are intendeddirectly for the chip card, and the chip card command interface isimplemented in the second device; wherein the request for an applicationcontains information on the logic communications channel to be used andthe application to be executed; a process logic required for executingthe requested personalization and/or initialization and/or chip cardapplication is executed by the second device; and the second devicetransmits the result regarding the executed process logic to the firstdevice.
 2. A process for executing an electronic personalization and/orinitialization of a chip card and/or a chip card application,characterized by the following process steps: contacting of the chipcard by a first device; setting up or making available a connectionbetween the first device and a separate second device to form a logicalcommunications channel to permit communication between chip card and thesecond device via the first device; request for execution ofpersonalization and/or initialization of the chip card and/or executionof a chip card application by the second device from the first device;and execution of the required personalization and/or initialization ofthe chip card and/or the requested chip card application usingtransparent transmission of data and commands between chip card andsecond device via the logic communications channel, whereby commands anddata sent by the second device are intended directly for the chip card,and the chip card command interface is implemented in the second device;wherein the request for execution of a personalization and/orinitialization and/or execution of a chip card application containsinformation regarding the communication, the communications address tobe used and the communications protocol to be used and, furthermore,information on the requested application, the contacted chip card and anidentification of the requested operation within the first device, andafter execution of the personalization and/or initialization and/or chipcard application, the first device tears down the logic communicationschannel.
 3. A process for executing an electronic personalization and/orinitialization of a chip card and/or a chip card application,characterized by the following process steps: contacting of the chipcard by a first device; setting up or making available a connectionbetween the first device and a separate second device to form a logicalcommunications channel to permit communication between chip card and thesecond device via the first device; request for execution ofpersonalization and/or initialization of the chip card and/or executionof a chip card application by the second device from the first device;and execution of the required personalization and/or initialization ofthe chip card and/or the requested chip card application usingtransparent transmission of data and commands between chip card andsecond device via the logic communications channel, whereby commands anddata sent by the second device are intended directly for the chip card,and the chip card command interface is implemented in the second device;wherein the request for an application contains information on the logiccommunications channel to be used and the application to be executed; aprocess logic required for executing the requested personalizationand/or initialization and/or chip card application is executed by thesecond device; and the second device transmits the result regarding theexecuted process logic to the first device; and wherein the processlogic executed by the second device is an authentication.
 4. A systemfor executing a personalization and or initialization and/or a chip cardapplication comprising: a first device for contacting the chip card; aseparate second device for executing the process logic required for thepersonalization and/or initialization of a chip card and/or forexecuting a chip card application in response to a request by the firstdevice; equipment for providing or setting up a connection between thefirst device and the second device to form a logic communicationschannel to permit communication between the chip card and the seconddevice via the first device; and equipment for the transparenttransmission of data and commands related to the execution between thesecond device and the chip card via the logic communications channel;whereby commands and data sent by the second device are intendeddirectly for the chip card, and the chip card command interface isimplemented in the second device; wherein the first device furthermorecomprises: equipment for contacting several chip cards; equipment forforming at least one logic communications channel between each one ofthe chip cards and the second device via the first device; equipment forsending several requests for simultaneous execution of severalpersonalizations and/or initializations and/or chip card applications bythe second device; and equipment to create one or several serversockets; and wherein the second device furthermore comprises: equipmentto create one or several client sockets; whereby one or severalclient/server socket pairs are used for simultaneous communicationbetween the chip cards and the second device.
 5. A system for executinga personalization and or initialization and/or a chip card applicationcomprising: a first device for contacting the chip card; a separatesecond device for executing a process logic required for thepersonalization and/or initialization of a chip card and/or forexecuting a chip card application in response to a request by the firstdevice; equipment for providing or setting up a connection between thefirst device and the second device to form a logic communicationschannel to permit communication between the chip card and the seconddevice via the first device; and equipment for the transparenttransmission of data and commands related to the execution between thesecond device and the chip card via the logic communications channel;whereby commands and data sent by the second device are intendeddirectly for the chip card, and the chip card command interface isimplemented in the second device; wherein a client/server socket pair isused for transmitting commands or data related to the personalizationand/or initialization and/or chip card application, and a client/serversocket pair is used for transmitting control messages.
 6. A system forexecuting a personalization and or initialization and/or a chip cardapplication comprising: a first device for contacting the chip card; aseparate second device for executing a process logic required for thepersonalization and/or initialization of a chip card and/or forexecuting a chip card application in response to a request by the firstdevice; equipment for providing or setting up a connection between thefirst device and the second device to form a logic communicationschannel to permit communication between the chip card and the seconddevice via the first device; and equipment for the transparenttransmission of data and commands related to the execution between thesecond device and the chip card via the logic communications channel;whereby commands and data sent by the second device are intendeddirectly for the chip card, and the chip card command interface isimplemented in the second device; wherein the process logic executed bythe second device comprises an authentication or another securitycritical application.
 7. A system for executing a personalization and orinitialization and/or a chip card application comprising: a first devicefor contacting the chip card; a separate second device for executing aprocess logic required for the personalization and/or initialization ofa chip card and/or for executing a chip card application in response toa request by the first device; equipment for providing or setting up aconnection between the first device and the second device to form alogic communications channel to permit communication between the chipcard and the second device via the first device; and equipment for thetransparent transmission of data and commands related to the executionbetween the second device and the chip card via the logic communicationschannel; whereby commands and data sent by the second device areintended directly for the chip card, and the chip card command interfaceis implemented in the second device; wherein the second device comprisesat least one of the following features: equipment for executing at leasta portion of the process logic required to execute a security relevantapplication; and the codes required executing a security relevantapplication.